API attacks surge due to rise in AI
According to a recent report by Kong, 25% of respondents have encountered AI-enhanced security threats related to APIs or LLMs, with 75% of respondents expressing serious concern about AI-enhanced attacks in the future. While 85% say they’re confident in their organization’s security capabilities, 55% of respondents cited they’ve experienced an API security incident in the past year, highlighting a notable disconnect.
While 92% of respondents say they are taking measures to counter AI-enhanced attacks and 88% of respondents citing API security as a top priority, it is clear that many organizations lack the comprehensive security measures needed to protect their API infrastructure in the AI era.
As might be expected 84% of respondents feel AI and LLMs will make securing APIs more difficult, but surprisingly, the research finds many basic API security tactics being left out of overall strategy.
Thirty-five percent of organizations are adopting zero-trust architecture in order to mitigate API security risks and 3% of respondents cite shadow APIs as a significant security threat to their organization. With the convergence of APIs and AI, it is more important than ever to have a strong API security posture.
The top three measures organizations are taking to secure APIs against AI-enhanced threats include increased monitoring and traffic analysis (66%), educating staff on AI-related threats (60%) and AI-driven threat detection systems (51%).
The top three steps being taken to mitigate API security risks are API monitoring and anomaly detection tools (63%), API gateway solutions (61%), and API encryption and tokenization (58%). Forty-five percent of organizations have dedicated at least 20% of their cybersecurity budgets to API security. According to the report, 41% are unsure or doubtful that their organization’s investment is enough to cover API security risks.
